Comprehensive Network Access Control Based on the Network You Have Today. Juniper Networks Unified Access Control
|
|
- Clifton O’Connor’
- 6 years ago
- Views:
Transcription
1 Comprehensive Network Access Control Based on the Network You Have Today Juniper Networks Unified Access Control
2 Juniper Networks Unified Access Control Juniper Networks IC 4000 Juniper Networks IC 6000 You need to control access to your LAN for users such as guests, contractors and your own employees. Juniper Networks Unified Access Control solution will help you meet that need regardless of the architecture in the network segment you re concerned about today. Juniper Networks Unified Access Control delivers a comprehensive solution that: Combines user identity, device security state and location information for session-specific access policy by user. Uses the network you already own, including your Authentication, Authorization, Auditing (AAA) infrastructure, any 802.1X-enabled switches or access points and/or any Juniper firewalls. Is based on field-tested components being used today in thousands of deployments worldwide.
3 1 The Need for Access Control In today s enterprise, the network is increasingly becoming the business. Diverse users, including employees, guests, contractors and partners, need access to a myriad of network resources and applications, ranging from simple Internet access to sensitive internal data. As access has grown, however, so too has the risk in providing it. Enterprise users may become unknowingly infected when surfing the Internet or working remotely, then bring those infected devices directly into the network. Users accessing the WAN from within the LAN without any access controls can open the enterprise to a host of threats. Guest users who may only need an Internet connection can come onto the network with their own unmanageable devices, and unknowingly expose-sensitive LAN resources to malware. Controlling access to the network is not new. In many cases the term simply serves to unify a number of disparate problems that enterprises have been wrestling with for some time. As the category has become more defined, however, a plethora of solutions has emerged, each of which attempts to handle access control in a different way. Some common methods include solutions that use DHCP, 802.1X, VLANs, inline devices, firewalls, IPSec gateways and host-based software. Each of these technologies alone can have significant drawbacks, which is why many solutions employ a combination of them. This can make it very difficult to get a clear picture of any one solution and how it functions. An Access Control Solution You Can Trust The Juniper Networks Unified Access Control (UAC) v2.0 solution combines the best of access control technologies while leveraging the existing enterprise investments and deployments. All policy is created and pushed by the Infranet Controller, a hardened centralized policy server. User identity, device state and network location can be determined by a dynamically deployable Agent as well as via agentless mode where installing a software client is not feasible. Finally, UAC can enforce policy at Layer 2 using any vendor s 802.1X-enabled switches or wireless access points, at Layers 3-7 using Juniper firewalls, or both. Every component, including the Infranet Controller, UAC Agents and enforcement points is built on field-tested, widely deployed devices, including features from Juniper s Secure Access SSL VPN with its legacy of dynamic endpoint assessment and seamless interaction with the AAA backbone; Juniper Networks Odyssey Access Client (OAC), the market-leading 802.1X supplicant; and Juniper Networks Steel-Belted Radius (SBR), the de facto standard in RADIUS servers. The result is a uniquely flexible solution that combines user identity, device security state information and network location to create a session-specific access control policy for each user using the network that you have in place today.
4 2 Juniper Networks Unified Access Control Juniper Networks Unified Access Control Components in Detail Juniper s UAC solution incorporates three primary elements that are the result of real-world experience in the access control area (from SSL VPN) as well as the AAA world (OAC and SBR). They include: The Infranet Controller The Infranet Controller is the centralized security policy engine optimized for LAN access control. Based on Juniper s market-leading Secure Access SSL VPN appliances, the Controller can push an agent down to the endpoint, collect information from the agent and act as an interface with your existing enterprise AAA infrastructure. Once user credentials are validated and the security state established, the Controller implements the appropriate access policy for each user/session, and pushes that policy to enforcement points throughout the network. The Controller also features integrated RADIUS functionality from -SBR, the de facto standard in RADIUS servers. This enables the Controller to support an 802.1X transaction when an endpoint enters the network, and provides a second method of user authentication and policy enforcement. The UAC Agent The UAC Agent is a dynamically downloaded agent that can be provisioned in real time by the Controller, installed using Juniper s Installer Service or deployed by other methods. The Agent serves to collect user credentials, as well as to assess the security state of the endpoint. The UAC Agent includes the means to access the network both at Layer 2 with 802.1X via integrated functionality from the OAC, as well as at Layer 3. These capabilities include an integrated personal firewall for dynamic client-side enforcement of policies, as well as specific functionality for Windows devices that includes IPSec VPN (which enables encryption from the endpoint to the firewall) and Single SignOn to Active Directory. The Agent also includes Host Checker functionality, familiar from thousands of Juniper Secure Access SSL VPN deployments, which enables the administrator to scan endpoints for a variety of security applications/states including, but not limited to, antivirus, malware and personal firewalls. UAC also enables custom checks of elements, such as registry and port status, and can do an MD5 checksum to verify application validity. Deployment is simplified with predefined Host Checker policies, as well as automatic monitoring of AV signature files for the latest definition files for posture assessment. Access can also be provisioned in agentless mode, in circumstances where downloads of any software are not practical, such as in guest deployments. Access through agentless mode still includes provisioning of Host Checker, enabling the enterprise to guarantee the security state of all network users. UAC enforcement points While the Infranet Controller and the UAC Agent are somewhat deployment neutral, the choice of enforcement points is often the limiting factor with a network access control solution. Juniper has solved this problem by creating a solution that is as functional with enforcement at Layer 2 as it is at Layers 3-7. For Layer 2 enforcement, UAC can work with any vendor s standards-compliant 802.1X-enabled wired or wireless switching infrastructure. Layer 3-7 enforcement is provided via any Juniper Networks firewall/vpn platform including the Integrated Services Gateway with Intrusion Detection and Prevention and the Secure Services Gateway secure routing platforms. Juniper s wide range of
5 3 firewalls offers throughput ranging from 75Mbps to 30Gbps, while some firewalls also support threat management capabilities, including Juniper s Intrusion Detection and Prevention functionality, as well as network-based antivirus, anti-spam and URL filtering capabilities. All of these capabilities can be dynamically leveraged as part of the UAC solution. Customers can use UAC not only to enforce access control policies but also to apply security policies such as deep packet inspection, antivirus and URL filtering on a per user/session basis. This enables the enterprise to unify the application of access and security policies for comprehensive network access and threat control. Unified Access Control in Action Instead of simply authenticating users once and providing relatively crude access controls based on network segmentation only, the UAC solution incorporates three different levels of sessionspecific policy, including authentication/authorization, roles and resource policies. Together these different policy types can be used to create extremely granular access control that is also easy to deploy, maintain and change. When a device comes onto the network, the first step in a controlled session is for the Infranet Controller to map it to a role. The information required for this mapping is collected by the UAC Agent or via Host Checker in the case of an agentless deployment. The request from the user (in either 802.1X mode or non-802.1x mode, via browser-based agents that are provisioned to the endpoint) reveals a number of different end-user attributes, including source IP, MAC address, network interface (internal versus external), digital certificate if one exists, browser type, SSL version and the results of the endpoint security check. Once credentials are submitted, the Controller features a comprehensive authentication, authorization and accounting engine for seamless deployment into almost all popular AAA settings, including existing RADIUS, LDAP, AD, Netegrity SiteMinder, Certificate/PKI servers and Anonymous Authentication servers. The Controller then combines the user credentials, and group or attribute information (for example, group membership, if any), with additional information gathered, such as endpoint compliance state and network location. This combination allows the Controller to dynamically map the user to the second step of access control a role for the session. Role attributes can encompass session attributes/parameters, and can also specify restrictions with which the user must comply before the user can map to a role. These restrictions are extremely useful in settings where security is vital and compliance must be ensured. The third and final step in access control is the assignment of the resource policy, which governs network and resource access. Some examples include Layer 2 RADIUS attribute-based policies such as VLAN assignments and/or vendor specific attributes, as well as Layer 3 policies that govern access to IP addresses/netmasks, ports or ranges of the above. Layer 7 policies, such as IDP policies or URL filtering, provide additional levels of dynamic threat management. Each successive layer of policy can add still more granularity to overall access control, in contrast to some solutions that only have one or two steps in the access control process. For example, in a combined 802.1X and network enforcement environment, UAC can provision a dynamic VLAN assignment along with resource access policies on the Infranet Enforcers to fully control user access throughout the network. At the same time, this level of granularity can be flattened if the customer does not require it or if the level of protection needed does not merit it. Granular policies are easy to set up and maintain, as they can be duplicated, inherited and edited for streamlined administration. Each time there is a need to create new policies based on those in use, administrators may reuse those that have been already set, including: dynamic authentication policies; role definitions; role settings; and resource authorization policies, including multiple resource groupings that can be associated with the same role, and additional roles that can be easily added to existing resource groupings.
6 4 Juniper Networks Unified Access Control One Network Access Control Solution for All Your Users One of the primary hurdles in deploying access control is determining what user type it is meant to serve. Each comes with its own set of challenges guest users, for example, probably bring their own device that you cannot manage and may not even be able to check. These users often need very limited access to corporate resources, but frequently get the Internet access they really need via a wireless LAN that can give them a way into your enterprise s most sensitive materials. Employees present a completely different set of challenges. In this case, you typically can manage the device when it is on your network. The activities that occur when the device is being used elsewhere, however, can pose a significant challenge. Adding to the complexity is most users don t thoroughly understand the ins-and-outs of security applications and they don t want to learn. They want to be productive wherever they are. Unfortunately, when the unaware user meets today s talented, well-armed attackers, the results can be as devastating as they are unintentional. Additionally, specific groups of users may require access to privileged resources that need to be protected from the general user population. Finally, there is the problem of contractors. These users present a unique profile in that they may need access to more sensitive resources, but they will often have their own devices. A good way to picture this user group is to picture a group of auditors. These professionals know their business very well but they don t know your network, and they probably don t have device security as a top-of-mind concern. Juniper s Unified Access Control solution can address each of these user types without overloading your help desk. There are several different methods to accommodate guest users, depending on how your network is configured. If you are using 802.1X infrastructure as enforcement for example, in a wireless deployment it s safe to assume that the guest will neither have your 802.1X supplicant installed, nor will the guest be able to install it. The cross-platform UAC agentless mode was developed specifically for this use case, and supports browser-based validation of user credentials and scanning of endpoints for posture assessment both before user authentication and throughout the user session. The guest can be directed to a very restricted VLAN for limited access. If you are using Juniper firewalls as an additional or alternate enforcement point, you can further control guest access within the network. The flexible UAC solution can support a variety of guest-access policies such as no guest access at all, access requiring an Acceptable Use Policy, access requiring a basic level of endpoint integrity (such as an antivirus client) without an authentication component or open guest access to the Internet while restricting access to protected corporate resources. Because your employees are probably using managed devices, it is tempting to think that they would be much easier to manage than guest users, but in reality this may not be the case. One consideration is sheer numbers it is a reasonable expectation that employees will outnumber guests in most typical enterprises. For an access solution to succeed in this environment, it must be capable of being deployed or updated in real time, and it must enable self-remediation to the greatest extent possible. Juniper s UAC solution meets these needs with ease. The UAC agents can be deployed as part of a standard image, using the Juniper Installer Service, or sent down in real time from the network. If you are using 802.1X infrastructure as an enforcement mechanism, the user without the UAC Agent can be sent to a default VLAN to download it. If you are using Juniper firewalls as an additional or alternate enforcement point, the user can be redirected using captive portal technology (the hotel experience ). Privileged users can be identified by their authentication attributes (username, group membership or extensively customizable LDAP attribute checking) and provisioned additional access to critical resources, subjected to additional endpoint security requirements, and so on.
7 5 Accommodating the needs of contractors varies depending on a number of factors, including the sensitivity of the resources that they will need to access and the length of time for which the assignment is scoped. This is another area in which Juniper s experience with dynamic downloads can greatly ease a deployment. The endpoint device can be checked and the UAC Agent deployed, or the deployment can be done in agentless mode, depending upon your infrastructure and what you need the solution to do. Access control policies on the Juniper firewalls can provide timebased access restrictions as well as additional L7 threat management functionality. Another consideration for all users, regardless of role, is the ability to identify and isolate endpoints that are not in compliance with enterprise security requirements and to allow the user the ability to self-remediate or, in some cases, to auto-remediate for the user so no action is required on their part. Along with its extensive endpoint compliance checking capability, the UAC solution offers equally customizable remediation handling: restricting users to a remediation VLAN or network segment containing only a remediation server, providing the ability to offer customized instructions specifying exactly what is out of compliance and how to fix it, and remediating for the user where possible and appropriate. Change Your Network, Not Your Network Access Control Juniper Networks realizes that the enterprise network is never truly static. An access control solution must be granular enough to provide the controls needed, but flexible enough to accommodate changing infrastructure and deployments. In addition, the purpose of the access control itself can change. One example might be in a wireless deployment. Initially, the UAC solution might be deployed to provide an additional layer of access control to your WLAN, by ensuring that users are authenticated. Over time, however, there may be a desire to check the endpoint security state of users and ensure that they comply with minimum acceptable limits. UAC makes it easy to achieve both goals in a single deployment. Once the wireless network is secure, that same functionality can be extended to the wired network, providing a unified, centrally managed solution for all user access. One of the biggest roadblocks around deploying access control is the on or off dilemma it implies. UAC makes getting around this hurdle easy, particularly if you are using a Juniper firewall as an enforcement point. All Juniper firewalls can be deployed in transparent mode, making it unnecessary to reroute your network. The system can then be placed in Audit mode. You ll find out what would have happened had access controls been in place without affecting user traffic. In fact, some customers choose to use only Audit mode to help them meet compliance requirements. Still another deployment strategy that works particularly well with UAC is the idea of a phased deployment. The fact is that few networks have an enterprise-wide deployment of both 802.1X infrastructure or Juniper firewalls. Most have some wireless in one segment, firewalls in another, and 802.1X wired switches in still another. While the intent may be to standardize, it is part of the fluid nature of the network that such standard deployments rarely exist in reality. With UAC, however, it doesn t matter. Because Juniper offers two very different modes of enforcement vendor-agnostic 802.1X wired switches/wireless access points or Juniper firewalls you can build on the deployment you have today. You may want to enable 802.1X for port-based access control on a conference room switch, and then add a Juniper firewall to provide network-based access control protecting a server subnet or other critical resource, then roll out 802.1X to employee cubes and add IPSec enforcement of user traffic going to the protected resource. The possibilities are as varied as your network environment. And Juniper UAC is built to change. Should you want to add an additional method of enforcement, there is no need to change anything about your UAC deployment but the policies themselves. There is no need to redeploy the Infranet Controller or to download new UAC Agent software. New enforcement methods can be added seamlessly.
8 6 Juniper Networks Unified Access Control CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA Phone: 888.JUNIPER ( ) or Fax: EAST COAST OFFICE Juniper Networks, Inc. 10 Technology Park Drive Westford, MA USA Phone: Fax: ASIA PACIFIC REGIONAL SALES HEADQUARTERS Juniper Networks (Hong Kong) Ltd. 26/F, Cityplaza One 1111 King s Road Taikoo Shing, Hong Kong Phone: Fax: Next Steps For more information on how your company can benefit from Juniper Networks products, please contact your sales representative or visit: services/unified_access_control/index.html About Juniper Networks Juniper Networks develops purpose-built, high-performance IP platforms that enable customers to support many different services and applications at scale. Service providers, enterprises, governments, and research and education institutions rely on Juniper to deliver a portfolio of proven networking, security, and application acceleration solutions that solve highly complex, fast-changing problems in the world s most demanding networks. Additional information can be found at EUROPE, MIDDLE EAST, AFRICA REGIONAL SALES HEADQUARTERS Juniper Networks (UK) Limited Building 1 Aviator Park Station Road Addlestone Surrey, KT15 2PG, U.K. Phone: 44.(0) Fax: 44.(0) Copyright 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. To purchase Juniper Networks solutions, please contact your Juniper Networks sales representative at or authorized reseller Apr 2008
Coordinated Threat Control
Application Note Coordinated Threat Control Juniper Networks Intrusion Detection and Protection (IDP) and Secure Access SSL VPN Interoperability Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,
More informationUNIFIED ACCESS CONTROL
PRODUCT CATEGORY BROCHURE UNIFIED ACCESS CONTROL Comprehensive Network Access Control Using the Network You Have Today Juniper Networks Unified Access Control is a comprehensive access control solution
More informationEnterprise Guest Access
Data Sheet Published Date July 2015 Service Overview Whether large or small, companies have guests. Guests can be virtually anyone who conducts business with the company but is not an employee. Many of
More informationGuest Access Made Easy
WHITE PAPER Guest Access Made Easy Juniper Networks Unified Access Control and EX Series Ethernet Switches Solve Today s NAC Problems Copyright 2009, Juniper Networks, Inc. Table of Contents Table of Figures
More informationJuniper Networks Adaptive Threat Management Solutions
Solution Brochure Juniper Networks Adaptive Threat Management Solutions Implement these Dynamic and High-Performance Security Solutions to Gain Network-wide Visibility and Control to Adapt to Evolving
More information802.1X: Port-Based Authentication Standard for Network Access
WHITE PAPER 802.1X: Port-Based Authentication Standard for Network Access Control (NAC) A Secure, Strong and Flexible Framework for Network Access Control (NAC) Copyright 2010, Juniper Networks, Inc. Table
More informationSecure Remote Access with Comprehensive Client Certificate Management
APPLICATION NOTE SA Series SSL VPN Appliances and MultiFactor SecureAuth Solution Secure Remote Access with Comprehensive Client Certificate Management Copyright 2009, Juniper Networks, Inc. 1 Table of
More information802.1X: Port-Based Authentication Standard for Network Access Control (NAC)
White Paper 802.1X: Port-Based Authentication Standard for Network Access Control (NAC) Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
More informationJuniper Networks M-series and J-series Routers. M10i. Solution Brochure J4350. Internet. Regional Office/ Medium Central Site. Branch Office J2320
Branch Office Solution Brochure Juniper Networks Enterprise Routers New Levels of Security, Availability, Predictable Performance, and Operations Agility for Today s High-Performance Businesses Juniper
More informationOne Release. One Architecture. One OS. High-Performance Networking for the Enterprise with JUNOS Software
Solution Brochure High-Performance Networking for the Enterprise with JUNOS Software Using the Network to Achieve Higher Availability, Lower OPEX and Improved Productivity for Your Business Core Branch
More informationQUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS
APPLICATION NOTE QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS Configuring Basic Security and Connectivity on Branch SRX Series Services Gateways Copyright 2009, Juniper Networks, Inc. Table
More informationJ-series Advanced Switching Configuration
Application Note J-series Advanced Switching Configuration Configuring JUNOS Software Advanced Switching on J-series Services Routers Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California
More informationSecurity Solutions Portfolio
Fixed Telecommuter or Small Medium Office SSG 550M Security Solutions Portfolio Integrated Firewall/VPN Solutions SSG 140 Branch Office...... SSG 320M SSG 350M... SSG 5 SSG 20 Regional Office SSG 520M...
More informationVMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES
APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright 2010, Juniper Networks, Inc. 1 Table
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationJuniper Networks Secure Access 700
Juniper Networks Secure Access 700 Page Datasheet The Juniper Networks Secure Access 700 (SA 700) SSL VPN appliance provides small to medium enterprises a secure, cost-effective way to deploy remote access
More informationWX CENTRAL MANAGEMENT SYSTEM
DATASHEET WX CENTRAL MANAGEMENT SYSTEM Product Overview When it comes to WAN optimization, visibility into the distributed enterprise is absolutely critical to understand how applications are performing,
More informationPulse Policy Secure. Getting Started Guide. Product Release 5.1. Document Revision 1.0 Published:
Pulse Policy Secure Getting Started Guide Product Release 5.1 Document Revision 1.0 Published: 2014-12-15 2014 by Pulse Secure, LLC. All rights reserved Pulse Secure, LLC 2700 Zanker Road, Suite 200 San
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationJuniper Networks IDP 75/250/800/8200
Datasheet Juniper Networks IDP 75/250/800/8200 With the growing number and sophistication of network attacks, it s ever more important for companies to safeguard their networks. The problem is further
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationJUNIPER NETWORKS PRODUCT BULLETIN
PRODUCT BULLETIN JUNIPER NETWORKS PRODUCT BULLETIN Junos Pulse Mobile Security Suite 4.2 What s New for Enterprises and Service Providers Bulletin Date January 24, 2013 Bulletin Number 8000022 Applicable
More informationJUNOS SCOPE SOFTWARE IP SERVICE MANAGER
DATASHEET JUNOS SCOPE SOFTWARE IP SERVICE MANAGER Product Overview Product Description As service providers and enterprises evolve to meet the demands of their customer base, one key to success is the
More informationWX Client. Product Description. Product Overview DATASHEET
DATASHEET Client Product Overview The Client is a leading-edge, Windows-based WAN optimization software for mobile end users and small office/home office end users. The Client improves application response
More informationVendor: Juniper. Exam Code: JN Exam Name: Junos Pulse Access Control, Specialist (JNCIS-AC) Version: Demo
Vendor: Juniper Exam Code: JN0-314 Exam Name: Junos Pulse Access Control, Specialist (JNCIS-AC) Version: Demo QUESTION: 1 A user signs into the Junos Pulse Access Control Service on a wired network. The
More informationSOLUTION BROCHURE. Mobility Changes Everything
SOLUTION BROCHURE Simply Connected The New Campus Network Mobility Changes Everything Simply Connected Vision The challenge of the new business network is expectations: Expectations of solving long-standing
More informationSymantec Network Access Control Starter Edition
Symantec Network Access Control Starter Edition Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access
More informationProduct Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways
DATASHEET MAG Series Junos Pulse Gateways Product Overview The challenge for today s technology leader is to build an infrastructure that provides easy, secure access to the corporate network for all workers
More informationData Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement
Simplified endpoint enforcement Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationSymantec Network Access Control Starter Edition
Simplified endpoint compliance Overview makes it easy to begin implementing a network access control solution. It offers a subset of Symantec Network Access Control functionality that can be completely
More informationReviewer s guide. PureMessage for Windows/Exchange Product tour
Reviewer s guide PureMessage for Windows/Exchange Product tour reviewer s guide: sophos nac advanced 2 welcome WELCOME Welcome to the reviewer s guide for NAC Advanced. The guide provides a review of the
More informationNetwork Configuration Example
Network Configuration Example Configuring Authentication and Enforcement Using SRX Series Services Gateways and Aruba ClearPass Policy Manager Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationJunos Pulse Access Control Service
Junos Pulse Access Control Service RADIUS Server Management Guide Release 4.4 Published: 2013-02-15 Part Number: Juniper Networks, Inc. 1194 rth Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
More informationCisco NAC Network Module for Integrated Services Routers
Cisco NAC Network Module for Integrated Services Routers The Cisco NAC Network Module for Integrated Services Routers (NME-NAC-K9) brings the feature-rich Cisco NAC Appliance Server capabilities to Cisco
More informationJuniper Networks M Series and J Series Routers
PRODUCT CATEGORY BROCHURE Juniper Networks M Series and J Series Routers Juniper Networks Enterprise Routers New Levels of Security, Availability, Predictable Performance, and Operations Agility for Today
More informationProduct Description. Product Overview DATASHEET
DATASHEET VGW Gateway Product Overview Juniper Networks vgw Gateway is a comprehensive virtualization security solution that includes integrated stateful inspection firewalling, intrusion detection, compliance
More informationCONFIGURING THE CX111 FOR THE SSG SERIES
APPLICATION NOTE CONFIGURING THE CX111 FOR THE SSG SERIES How to Configure the SSG Series for 3G Wireless WAN Termination Using the CX111 Cellular Broadband Data Bridge Copyright 2010, Juniper Networks,
More informationNetworks with Cisco NAC Appliance primarily benefit from:
Cisco NAC Appliance Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrators to authenticate, authorize, evaluate,
More informationForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management
Brochure ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management Benefits Security Gain real-time network intelligence users,
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationSBR ENTERPRISE SERIES STEEL-BELTED RADIUS SERVERS
DATASHEET SBR ENTERPRISE SERIES STEEL-BELTED RADIUS SERVERS Product Overview Today, global enterprises, government agencies, and their respective networks face many obstacles. Chief among these obstacles
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationJ-Care Agility Services Advanced Options
J-Care Agility Services Advanced Options Focused Technical Support Services Description Table of Contents 1. Introduction...2 2. Eligibility and Purchasing...2 3. Service Features and Deliverable Description...2
More informationSOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE
SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE March 2018 Table of Contents Introduction...1 Design...2 Use Cases...2 Underlay...3 Overlay...3 Dynamic Segmentation...3 Non-Stop Networking...4 Summary...5
More informationPulse Policy Secure X Network Access Control (NAC) White Paper
Pulse Policy Secure 802.1X Network Access Control (NAC) White Paper Introduction The growing mobility trend has created a greater need for many organizations to secure and manage access for both users
More informationMobility Optimized Access Layer
solution brief Mobility Optimized Access Layer Completing the Hive with Aerohive Switches Designing for Mobile First Legacy enterprise networks were never designed to accommodate the complexity of a mobile-first
More informationUser-to-Data-Center Access Control Using TrustSec Design Guide
CISCO VALIDATED DESIGN User-to-Data-Center Access Control Using TrustSec Design Guide October 2015 REFERENCE NETWORK ARCHITECTURE Table of Contents About This Document... 1 Cisco TrustSec Overview... 2
More informationFIPS Validated i WLAN
Tech Brief Government FIPS Validated 802.11i WLAN Meeting Government Requirements for Secure Mobile Data Situation From the boardroom to the battlefield, no entity has a greater need for mobile communications
More informationJuniper Networks Certification Program
Juniper Networks Certification Program ecertificate Download and Print Instructions OVERVIEW Your JNCP ecertificates are now available in your user account on the Juniper Networks Learning Portal. Please
More informationGLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications
GLOBALPROTECT Prevent Breaches and Secure the Mobile Workforce GlobalProtect extends the protection of Palo Alto Networks Next-Generation Security Platform to the members of your mobile workforce, no matter
More informationCisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1
Cisco ISE Overview, page 2 Key Functions, page 2 Identity-Based Network Access, page 2 Support for Multiple Deployment Scenarios, page 3 Support for UCS Hardware, page 3 Basic User Authentication and Authorization,
More informationNovell ZENworks Network Access Control
Brochure RESOURCE MANAGEMENT www.novell.com Novell ZENworks Network Access Control Novell and Your Strong Perimeter Fast pre-connect testing that does not interfere with the end user s logging on experience
More informationKlaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access
Klaudia Bakšová System Engineer Cisco Systems Cisco Clean Access Agenda 1. Securing Complexity 2. NAC Appliance Product Overview and In-Depth 3. NAC Appliance Technical Benefits The Challenge of Securing
More informationA HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage
A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION Establish Create Use Manage SIMPLE. SECURE. SMART. ALL FROM A SINGLE SOURCE. As the ways to access your organization and its sensitive data increase,
More informationJuniper Sky Advanced Threat Prevention
Juniper Sky Advanced Threat Prevention Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX Series Services
More informationJuniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]
s@lm@n Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ] Topic 1, Volume A Question No : 1 - (Topic 1) A customer wants to create a custom Junos
More informationJUNOS SPACE ROUTE INSIGHT
DATASHEET JUNOS SPACE ROUTE INSIGHT Product Overview Junos Space Route Insight is designed for network engineers and operators who manage today s complex, mission critical enterprise and service provider
More informationPULSE POLICY SECURE. Product Description. Product Overview DATASHEET
DATASHEET PULSE POLICY SECURE Product Overview Pulse Policy Secure is a market leading network and application access control (NAC) solution that ensures network access only to authorized and secured users
More informationPULSE POLICY SECURE. Product Description. Product Overview DATASHEET
DATASHEET PULSE POLICY SECURE Product Overview Pulse Policy Secure is a market leading network and application access control (NAC) solution that ensures network access only to authorized and secured users
More informationProduct Description. Architecture and Key Components of the MAG Series Junos Pulse Gateways. Product Overview DATASHEET
DATASHEET MAG Series Junos Pulse Gateways Product Overview The challenge for today s technology leader is to build an infrastructure that provides accelerated, rolebased secure access to the corporate
More informationCONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS
APPLICATION NOTE CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS Protect your Web Applications from Brute Force Credential Attacks Using WebApp Secure and Intrusion Deception Technology
More informationCisco Identity Services Engine (ISE) Mentored Install - Pilot
Cisco Identity Services Engine (ISE) Mentored Install - Pilot Skyline Advanced Technology Services (ATS) offers Professional Services for a variety of Cisco-centric solutions. From inception to realization,
More informationApplications for an Independent Control Plane
Application Note Applications for an Independent Control Plane JCS 1200 Application Note Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net
More informationNetwork Security Protection Alternatives for the Cloud
A Trend Micro White Paper May 2016 Network Security Protection Alternatives for the Cloud» A technical brief summarizing the deployment options that can be used to deploy IDS/IPS protection for cloud instances
More informationIndustry Tested, Government-Certified
DATASHEET Product Overview As the demand to enable users to work from anywhere, at anytime increases, so does the need for secure network accessibility and robust authentication. Mobility drives the need
More informationNSG100 Nebula Cloud Managed Security Gateway
Managed Security Gateway The Zyxel Nebula Cloud Managed Security Gateway is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive
More informationProduct Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways
DATASHEET MAG Series Junos Pulse Gateways Product Overview The challenge for today s technology leader is to build an infrastructure that provides easy, secure access to the corporate network for all workers
More informationForeScout ControlFabric TM Architecture
ForeScout ControlFabric TM Architecture IMPROVE MULTI-VENDOR SOLUTION EFFECTIVENESS, RESPONSE AND WORKFLOW AUTOMATION THROUGH COLLABORATION WITH INDUSTRY-LEADING TECHNOLOGY PARTNERS. The Challenge 50%
More informationHazardous Endpoints Protecting Your Network From Its Own Devices
Hazardous Endpoints Protecting Your Network From Its Own Devices Abstract The increasing number and types of attacks launched from endpoint devices can no longer be ignored, and organizations must shift
More informationClearPath OS 2200 System LAN Security Overview. White paper
ClearPath OS 2200 System LAN Security Overview White paper Table of Contents Introduction 3 Baseline Security 3 LAN Configurations 4 Security Protection Measures 4 Software and Security Updates 4 Security
More informationKaspersky Security for Virtualization Frequently Asked Questions
Kaspersky Security for Virtualization Frequently Asked Questions 1. What is Kaspersky Security for Virtualization, and how does it work with vshield technology? Kaspersky Security for Virtualization for
More informationNSG50/100/200 Nebula Cloud Managed Security Gateway
NSG50/100/200 Managed The Zyxel Managed is built with remote management and ironclad security for organizations with growing numbers of distributed sites. With the extensive suite of security features
More informationAerohive and IntelliGO End-to-End Security for devices on your network
Aerohive and IntelliGO End-to-End Security for devices on your network Introduction Networks have long used a password to authenticate users and devices. Today, many cyber attacks can be used to capture
More informationNETWORK ACCESS CONTROL OVERVIEW. CONVENIENCE. SECURITY.
NETWORK ACCESS CONTROL OVERVIEW. CONVENIENCE. SECURITY. MACMON MODULE & BUNDLES DEVELOPMENT It is macmon s mission to improve and further develop its products. Exciting extensions are currently being worked
More informationJUNIPER SKY ADVANCED THREAT PREVENTION
Data Sheet JUNIPER SKY ADVANCED THREAT PREVENTION Product Overview Juniper Sky Advanced Threat Prevention is a cloud-based service that provides complete advanced malware protection. Integrated with SRX
More informationExtending Enterprise Security to Public and Hybrid Clouds
Extending Enterprise Security to Public and Hybrid Clouds Juniper Security for an Ever-Evolving Market Challenge Enterprises are migrating toward public or hybrid clouds much faster than expected, creating
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationUTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution
UTM Firewall Registration & Activation Manual DFL-260/ 860 Ver 1.00 curitycu Network Security Solution http://security.dlink.com.tw 1.Introduction...02 2.Apply for a D-Link Membership...03 3.D-Link NetDefend
More informationKey Benefits of Correlating Data with STRM in Juniper Secure and Assured Networks
Application Note Key Benefits of Correlating Data with STRM in Juniper Secure and Assured Networks Juniper Security Threat Response Management Enables Threat and Log Management, Compliance and IT Efficiency
More informationThe Aruba Mobile Virtual Enterprise for Government. The Next Generation Network Access Architecture for Mobile Technology
The Next Generation Network Access Architecture for Mobile Technology Table of Contents Government agencies recognize the benefits of mobility 3 MOVE: A user-centric, role-based access architecture for
More informationJuniper Networks EX-series Ethernet Switches
Product Brochure Juniper Networks EX- Ethernet Switches Advancing the Economics of Enterprise Networking Branch Offices Infranet Controller NSMXpress eries eries Juniper Network and Policy Management WAN
More informationCritical Infrastructure Protection for the Energy Industries. Building Identity Into the Network
Critical Infrastructure Protection for the Energy Industries Building Identity Into the Network Executive Summary Organizations in the oil, gas, and power industries are under increasing pressure to implement
More informationWHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365
WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often
More informationPulse Policy Secure. Product Description. Product Overview
DATASHEET Pulse Policy Secure Product Overview Pulse Policy Secure is a market leading network and application access control (NAC) solution that ensures network access only to authorized and secured users
More informationMicrosoft DirectAccess
Microsoft DirectAccess The New Choice of Enterprises Over Traditional VPN Whitepaper August 2017 Microsoft DirectAccess The New Choice of Enterprises Over Traditional VPN Microsoft DirectAccess is a unique
More informationSingle Secure Credential to Access Facilities and IT Resources
Single Secure Credential to Access Facilities and IT Resources HID PIV Solutions Securing access to premises, applications and networks Organizational Challenges Organizations that want to secure access
More informationPulse Policy Secure. Identity-Based Admission Control with Check Point Next-Generation Firewall Deployment Guide. Product Release 9.0R1 Document 1.
Pulse Policy Secure Identity-Based Admission Control with Check Point Next-Generation Firewall Deployment Guide Product Release 9.0R1 Document 1.0 Published 10 May 2018 Pulse Secure, LLC 2700 Zanker Road,
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationAll-in one security for large and medium-sized businesses.
All-in one security for large and medium-sized businesses www.entensys.com sales@entensys.com Overview UserGate UTM provides firewall, intrusion detection, anti-malware, spam and content filtering, and
More informationEnterasys. Design Guide. Network Access Control P/N
Enterasys Network Access Control Design Guide P/N 9034385 Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site
More informationNEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL
PORTNOX PLATFORM NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL Portnox s Network Access Control Platform traverses across all network layers, whether physical, virtual or in the cloud
More informationJuniper Sky Enterprise
Juniper Sky Enterprise Product Overview Network complexity is growing exponentially. Traffic levels continue to rise thanks to the proliferation of mobile and Internet of Things (IoT) devices being connected
More informationThe Aruba S3500 Mobility Access Switch
Tech Brief Enterprise The Aruba S3500 Mobility Access Switch Tech Brief: The Aruba S3500 Mobility Access Switch Table of Contents Introducing the Aruba S3500 Mobility Access Switch... 2 Flexible deployment
More informationSystem Architecture Overview for THE Juniper Networks SSG500 Line
WHITE PAPER System Architecture Overview for THE Juniper Networks SSG500 Line Copyright 2009, Juniper Networks, Inc. Table of Contents Executive Summary...1 Introduction...1 The SSG500 Line...1 A Purpose-Built
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationGEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:
Advanced Compliance Enforcement for Healthcare Presented by: December 16, 2014 Adam Winn GEARS Product Manager OPSWAT Kevin Mayer Product Manager ForeScout Agenda Challenges for the healthcare industry
More information